One major problem facing modern computing systems and communications systems is the prevalence of spam and/or scam electronic mail (e-mail) that includes malicious, unwanted, offensive, or nuisance content, such as, but is not limited to: any content that promotes and/or is associated with fraud; any content that includes “work from home” or “be our representative” offers/scams; any content that includes money laundering or so-called “mule spam”; any content that promotes and/or is associated with various financial scams; any content that promotes and/or is associated with any other criminal activity; and/or any content that promotes and/or is associated with harmful and/or otherwise undesirable content, whether illegal in a given jurisdiction or not.
One particularly troublesome, and at times dangerous, form of scam e-mail is the so called “Nigerian 419” spam e-mail. A typical Nigerian 419 e-mail is a form of advance-fee fraud in which the target is persuaded to advance sums of money in the hope of realizing a significantly larger gain. The number “419” refers to the article of the Nigerian Criminal Code (part of Chapter 38: “Obtaining Property by false pretences; Cheating”) dealing with fraud. However, as discussed below, Nigerian 419 scams are a global issue and problem.
Although similar to older scams such as the Spanish Prisoner, the modern Nigerian 419 scam originated in the early 1980s as the oil-based Nigerian economy declined. Several unemployed university students first used this scam as a means of manipulating business visitors interested in shady deals in the Nigerian oil sector before targeting businessmen in the west, and later the wider population. Scammers in the early-to-mid 1990s targeted companies, sending scam messages via letter, fax, or Telex. The spread of e-mail and easy access to e-mail-harvesting software significantly lowered the cost of sending scam letters by using the Internet. In the 2000s, the Nigerian 419 scam has spurred imitations from other locations in Africa, Asia and Eastern Europe, and, more recently, from North America, Western Europe (mainly UK), and Australia, the latter three mainly done by Africans. Consequently, currently, Nigerian 419 scams are a global issue.
A Nigerian 419 scam usually begins with an e-mail purportedly sent to a selected recipient but actually sent to many, making an offer that would result in a large payoff for the victim. The e-mail's subject line often says something like “From the desk of Mr. [Name]”, “Your assistance is needed”, and so on. The details vary, but the usual story is that a person, often a government or bank employee, knows of a large amount of unclaimed money or gold which he cannot access directly, usually because he has no right to it. The sums involved are usually in the millions of dollars, and the investor is promised a large share, typically ten to forty percent, if they assist the scam character in retrieving the money. Whilst the vast majority of recipients do not respond to these e-mails, a very small percentage do, but this is often enough to make the fraud worthwhile as many millions of messages can be sent. Invariably sums of money which are substantial, but very much smaller than the promised profits, are said to be required in advance for bribes, fees, etc. This is the money being stolen from the victim, who thinks he or she is investing to make a huge profit.
A Nigerian 419 scammer often introduces a delay or monetary hurdle that prevents the deal from occurring as planned, such as “To transmit the money, we need to bribe a bank official. Could you help us with a loan?” or “For you to be a party to the transaction, you must have holdings at a Nigerian bank of $100,000 or more” or some similar request. More delays and more additional costs are then added, always keeping the promise of an imminent large transfer alive, convincing the victim that the money they are currently paying is covered several times over by the payoff. However, the essential fact in all advance-fee fraud operations, such as a Nigerian 419 scam, is that the promised money transfer never happens because the money or gold does not exist. The perpetrators rely on the fact that, by the time the victim realizes this, the victim may have sent thousands of dollars of their own money, and sometimes thousands or millions more that has been borrowed or stolen, to the scammer via an untraceable and/or irreversible means such as wire transfer.
Since Nigerian 419 scammers often make use of low-volume and/or hand written e-mail messages, identifying Nigerian 419 scam e-mails and quarantining them is often quite difficult. However, many Nigerian 419 scam e-mails include one or more real telephone numbers that are included to provide the recipient/victim a mechanism for responding to the e-mail and/or to provide a veil of legitimacy to the e-mail. These phone numbers are typically more scarce and more difficult to obtain than an e-mail address so a given phone number is often associated with multiple Nigerian 419 e-mails. Consequently, in theory, the fact that Nigerian 419 e-mails often include these phone numbers could be used to identify potential Nigerian 419 e-mails and prevent them from being delivered and/or propagated.
However, attempts to identify Nigerian 419 e-mails based on the presence of phone numbers are particularly susceptible to “false positives”, i.e., unnecessary delays and analysis of legitimate e-mails. Indeed any attempt to isolate and analyze all e-mails containing phone numbers obviously would result in far more false positives than actual instances of preventing the propagation of real Nigerian 419 e-mails. In addition, given that many e-mails include numerous instances of numbers other than phone numbers, such as dates, times, message IDs etc., there is again potential for far more false positives than actual instances of identifying real Nigerian 419 e-mails. Finally, many perpetrators of Nigerian 419 e-mail scams now specifically try to hide phone numbers from any conventional internet and/or e-mail security systems by, for example: adding or deleting country codes, international access codes, characters and/or spaces; intentionally misspelling words; and/or various other, and seemingly ever-evolving, obfuscation techniques.
As a result of the situation described above, currently, Nigerian 419 e-mails are extremely difficult to identify and isolate and, therefore, many of these harmful, and at times dangerous, e-mails still find their way to thousands of victims each year. Clearly, this is a far from ideal situation for the victims, but it is also a problem for all users of e-mail who must suffer with the delays of false positives and/or must be wary of all e-mails, even those of legitimate origin and intent.